NPM Supply Chain Attack - September 2025 (Shai-Hulud Worm)
The Shai-Hulud operators are an unidentified cybercrime group behind the September 2025 NPM supply chain attack, deploying a self-replicating worm to compromise over 500 packages in the world's largest JavaScript registry. Initiated via phishing maintainer accounts (e.g., fake npmjs.help emails demanding 2FA updates), the malware injects post-install scripts that steal secrets (npm tokens, GitHub creds) and propagate autonomously. Primarily targeting crypto/wallet interception in browsers, it af
Rudra Verma, Senior Security Architect & Researcher